search

FredHutch / motuz

Motuz - A web based infrastructure for large scale data movements between on-premise and cloud
MIT License
103 stars 12 forks source link

Found a possible security concern #395

Open JamieSlome opened 2 years ago

JamieSlome commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@ysf) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

dtenenba commented 2 years ago

SECURITY.md has been added.

Thank you!

JamieSlome commented 2 years ago

@dtenenba - e-mail sent! 👍

You can also view the report directly here:

https://huntr.dev/bounties/d46f91ca-b8ef-4b67-a79a-2420c4c6d52b/

It is private and only accessible to maintainers with repository write permissions!